It’s our industry’s favorite time of the year: Cyber predictions! I know. It’s hard to contain your excitement as a flood of predictions washes over you.
Annual cyber predictions are entertaining in my opinion. Some are half-baked conspiracy theories packed with buzzwords and others are the obvious writing on the wall. In general, both are good for the community; they give us perspective and a range of what may be expected. The rest is up to the educated reader to determine if the threat prediction applies to their vertical or situation.
Nobody knows what exactly the future will hold for our industry, but strong indicators do help us forecast trends in the coming years with some degree of accuracy.
A Quick Look Back
Last year I forecasted that 2019 would be an extension of the proverbial game of whack-a-mole that we saw in 2018. I also predicted that we would see categorical alterations to the current tactics, techniques and procedures seen in the Denial of Service landscape.
In 2019, the public cloud continuously experienced attacks. It seemed like almost every week, someone’s misconfigured server was being abused by cyber criminals. Ransom-based campaigns also continued to surge as many city governments across the United States were infected by ransomware, leaving many wondering what the future holds for connected smart cities.
In the realm of Denial of Service attacks, the first half of 2019 was quiet, due to a number of successful raids and take-downs targeting the DDoS-as-a-Service industry. Unfortunately, this hardly put a lasting dent in the overall activity or the economy. For example, within 24 hours of the Dutch police raiding KV Solutions, a notorious bulletproof hosting provider, bot herders immediately relocated their C2 infrastructure to new hosting providers.
As a result, we ended up seeing a resurgence in DDoS attacks going into the second half of the year. In the last quarter of 2019 things really picked up when attackers began targeting Amazon’s Route 53, as well as South African ISPs and the gaming vertical. During some of these attacks, Radware observed several new DDoS amplification attack vectors, such as WS-Discovery, macOS ARMS, and Telegram MTProxy being leveraged in an attempt to bypass mitigation techniques. We also saw bot herders altering their tactics, techniques and procedures when they launched TCP reflection attacks that gained amplification.
What Will 2020 Hold?
Looking forward into 2020, I expect to see three evolutionary moments in the Denial of Service landscape.
- After four years of education, script kiddies who grew up with Mirai will reach a new level of maturity and skill. As a result, we will see new bot herders become experts in their domain.
- With new criminal entrepreneurs coming of age, there will be new and expanded offerings via the DDoS-as-a-Service industry. As a result, there will be more raids, forcing criminals to consider new ways to host and advertise their services.
- There will be additional alterations to the current tactics, techniques and procedures seen in the Denial of Service landscape as new technology and defense mechanisms come of age.
Going into 2020, there will be many major world events, such as the Olympics and the U.S. presidential election, that will further underscore and amplify growing geopolitical tensions. As a result, cyber-related news will dominate headlines throughout 2020, leaving many to question whether society’s digital transformation is actually causing more problems than it was supposed to solve.
As industry leaders continue to invest in digital transformation to increase their competitive advantages and operational efficiencies, they will begin to realize these moves have only left them exposed and more vulnerable than ever before. They will begin to seek new security strategies as threat actors adjust to attacking new generation technology.
As always, bot herders will continue to research advanced technology with the goal of uncovering vulnerabilities and new techniques that will allow them to bypass modern security defenses. I believe in 2020 there will be a growth in the maturity level of what I call the ‘Mirai generation’, resulting in an increase in outages due to major Denial of Service attacks. This news will be largely amplified as a result of the expected 2020 news cycle.
Okay. That’s it! No more crystal balls until next year.
I hope everyone has a great, and most importantly safe, New Year’s!